Gartner SIEM Magic Quadrant: What’s In a Vision(ary)?

What makes a visionary solution provider in SIEM? What are the key capabilities that will help enterprises solve their future threat detection crises, rather than just their present ones?

According to the 2017 Gartner SIEM Magic Quadrant, a Visionary vendor offers “strong functional match to general SIEM market requirements, but [has] a lower Ability to Execute.” In other words, Visionary SIEM solution providers have (in Gartner’s professional estimation) all the tools to meet the requirements of the most common enterprise use-cases but haven’t yet synthesized their capabilities.

However, the word “visionary” strikes us at Solutions Review with a very different meaning. To us, a visionary can see beyond the current trends in SIEM to the glittering future that lies just out of reach—to what changes are coming to cybersecurity.

Therefore, we have to ask if the Visionaries named in the 2017 Gartner SIEM Magic Quadrant really can see the future? If so, what should enterprises value when making a long-term decision for their cybersecurity platforms and protocols? Can the Gartner SIEM Magic Quadrant point us in the right direction?

Here are the 3 Visionaries named in the Gartner SIEM Magic Quadrant, and our takeaways on what those selections might mean for the future of enterprise SIEM solutions:

Rapid7

Rapid7 calls their SIEM solution the Insight Platform. In addition to the core SIEM features, the Gartner SIEM Magic Quadrant notes that Rapid7’s platform benefits from a strong UEBA solution and the recent acquisition of Logentries. The MQ states that clients must download, either physically or via IaaS, the Collectors program to collect and aggregate logs for their solution. Their annual subscription licensing agreements are based on the number of monitored assets in an enterprise, and their as-a-service deployment features simplified architecture and implementation. Upgrades are handled entirely by Rapid7.

Takeaways: Of particular note to us is that Rapid7 handles platform upgrades automatically. A consistent security hole among enterprises in their SIEM platform deployments is that they forget to properly update their solutions afterward. The shift in responsibility from enterprise to solution provider might become more commonplace as enterprises look to offload their cybersecurity workloads from their IT security teams.

The SIEM Magic Quadrant also made note of the inclusion of honeypot technology in the Rapid7 platform. Honeypots—fake servers meant to trick hackers—might thus see increased distribution as a SIEM component; hacks and attacks against enterprises have only increased, and any tool that increases enterprise’s IT security teams chances of detection will most likely see an increase in popularity in kind.

Exabeam

Exabeam received praise from the Gartner SIEM Magic Quadrant for its component collection model: each component can be selected and deployed independently. This allows enterprises to essentially mix-and-match their SIEM solution, allowing for greater flexibility and modification for unique enterprise use-cases. Their UEBA solution is distributed as a standalone solution and is considered by Gartner to be the basis of their features. Exabeam’s licensing approach is also different from the norm of data volume: it’s based on the number of users in an enterprise. Exabeam utilizes big-data.

Takeaways: From Exabeam’s inclusion, the Gartner SIEM Magic Quadrant has begun to favor flexibility in their assessment of SIEM solutions. As more enterprises embrace SIEM capabilities in their cybersecurity platforms, more distinct use-cases will arise thus providing more challenges to solution providers to make solutions that fit. A component-based model, or any other model that can accommodate multiple use-cases at once, could certainly prove a model for future SIEM success. It does indicate that enterprises should truly consider what security analytics capabilities they need

Exabeam and Rapid7 together also indicate that the standard licensing agreement for SIEM might be crumbling as well. At the very least, it is certainly not uniform. While the strength of the security offered should be enterprise’s first concern, finding the right deal will inevitably be just as much a factor in the decision. Look at the service agreements of SIEM solutions and see if they make sense for your use-case.

Takeaways: Two common themes prevalent throughout the Visionaries of the Gartner SIEM Magic Quadrant is the power of as-a-service deployments and UEBA capabilities. The former will ease the burden on IT security teams in terms of deployment, whereas the latter improve the threat detection of your solution. Enterprises looking into SIEM solutions should absolutely consider these tools as vital in their decision-making.

Another interesting point is the improved dashboard. No worthy SIEM solution should be confusing to navigate or to understand. Quite the reverse.

You can examine our findings on the 2017 Gartner SIEM Magic Quadrant here.

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.

Solutions Review brings all of the technology news, opinion, best practices and industry events together in one place. Every day our editors scan the Web looking for the most relevant content about Security Information & Event Management and posts it here.